Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,144 vulnerabilities with CWE-22

CVE-2024-42501 HIGH

Aruba OS <= 10.6.0.2, <= 10.6.0.0, <= 10.4.0.0, <= 8.10.0.13, <= 8.12.0.0, <= 8.12.0.1 - Authenticated Path Traversal

CVE-2024-47049 HIGH

czim/file-handling <1.5.0, <2.3.0 - SSRF & Path Traversal

CVE-2024-44190 MEDIUM

macOS < 13.7, < 14.7, < 15 - Unprotected User Data Exposure via Path Handling Issue

CVE-2024-44167 MEDIUM

iPadOS < 18.0 - Path Traversal and Arbitrary File Write

CVE-2024-27869 MEDIUM

iPadOS < 18.0 - Unauthenticated Screen Recording Without Indicator

CVE-2024-8752 HIGH

WebIQ 2.15.9 - Path Traversal

CVE-2024-8778 MEDIUM

OMFLOW 1.1.6.0-1.2.1.2 - Path Traversal via Download Functionality

CVE-2024-8876 MEDIUM

xiaohe4966 TpMeCMS < 1.3.3.2 - Path Traversal via Lang Argument

CVE-2024-8875 MEDIUM

wcms < 0.3.2 - Path Traversal via /wex/finder.php p Parameter

CVE-2024-8865 LOW

composio < 0.5.8 - Path Traversal via File Parameter in API Download

CVE-2024-8782 MEDIUM

JFinalCMS < 1.0 - Path Traversal via /admin/template/edit name Parameter

CVE-2024-38816 HIGH

Spring WebMvc.fn and WebFlux.fn - Path Traversal via Static Resource Handling

CVE-2024-7961 CRITICAL

Rockwell Automation Pavilion8 < 6.0 - Path Traversal and Remote Code Execution

CVE-2024-8707 MEDIUM

Yunke Online School System <3.0.6 - Path Traversal

CVE-2024-8706 MEDIUM

JFinalCMS <20240903 - Path Traversal

CVE-2024-8694 LOW

JFinalCMS <20240903 - Path Traversal

CVE-2024-7609 HIGH

Vidco VOC TESTER < 12.34.8 - Path Traversal

CVE-2024-45593 CRITICAL

Nix 2.24.0-2.24.5 - Path Traversal and Arbitrary File Write via NAR Unpacking

CVE-2024-21753 MEDIUM

FortiClientEMS 1.2.1-1.2.5 - Path Traversal and Limited File Read/Write via HTTP Requests

CVE-2024-44867 HIGH

phpok v3.0 - Path Traversal and Arbitrary File Read via /autoload/file.php

CVE-2024-37728 HIGH

OfficeWeb365 <8.6.1.0 - Info Disclosure

CVE-2024-0067 MEDIUM

AXIS OS - Path Traversal via VAPIX API ledlimit.cgi

CVE-2024-44720 HIGH

SeaCMS v13.1 - Path Traversal and Arbitrary File Read via admin_safe.php

CVE-2024-8585 MEDIUM

Orca HCM < 11.0 - Authenticated Path Traversal via File Download Parameter

CVE-2024-40712 HIGH

Veeam Backup & Replication <= 12.2.0.334 - Local Privilege Escalation via Path Traversal

Previous Page 101 of 366 Next

Details

Vulnerabilities 9,144

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy